From b7e521c04f4a1d2cae36677e411376b1367e3614 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 2 Jul 2019 22:01:03 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/9xxx/CVE-2017-9795.json | 5 +++
 2019/13xxx/CVE-2019-13177.json | 67 ++++++++++++++++++++++++++++++++++
 2019/6xxx/CVE-2019-6623.json | 67 ++++++++++++++++++++++++++++++----
 3 files changed, 132 insertions(+), 7 deletions(-)
 create mode 100644 2019/13xxx/CVE-2019-13177.json
diff --git a/2017/9xxx/CVE-2017-9795.json b/2017/9xxx/CVE-2017-9795.json
index 67a451f0101..57ea40f1286 100644
--- a/2017/9xxx/CVE-2017-9795.json
+++ b/2017/9xxx/CVE-2017-9795.json
@@ -62,6 +62,11 @@
 "name": "102488",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/102488"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[geode-dev] 20190702 Re: [PROPOSAL]: Improve OQL Method Invocation Security",
+ "url": "https://lists.apache.org/thread.html/3a48163ca1fff757aefa4d9df24a251bb11ddd599a78cd85585abd00@%3Cdev.geode.apache.org%3E"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13177.json b/2019/13xxx/CVE-2019-13177.json
new file mode 100644
index 00000000000..88d98224b43
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13177.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13177",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. This occurs because incorrect code refactoring led to calling a security-critical function with an incorrect argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh",
+ "refsource": "MISC",
+ "name": "https://github.com/apragacz/django-rest-registration/security/advisories/GHSA-p3w6-jcg4-52xh"
+ },
+ {
+ "url": "https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0",
+ "refsource": "MISC",
+ "name": "https://github.com/apragacz/django-rest-registration/releases/tag/0.5.0"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6623.json b/2019/6xxx/CVE-2019-6623.json
index 64b16352fb3..6fdf3d22178 100644
--- a/2019/6xxx/CVE-2019-6623.json
+++ b/2019/6xxx/CVE-2019-6623.json
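Review bot: The new CVE-2019-13177.json record leaves `product_name`, `version_value` and `vendor_name` as `"n/a"` even though its own description names the product and the fixed release (django-rest-registration before 0.5.0). Consumers that match on the structured `affects` data rather than the free text will therefore not tie this record to the library. I would set `"product_name": "django-rest-registration"` and `"version_value": "before 0.5.0"`, both taken from the description. The `problemtype` value is also `"n/a"`; a CWE entry for the signature-verification weakness the description reports would make the record filterable by weakness class. The file also ends without a trailing newline.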
@@ -1,17 +1,70 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6623",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6623",
+ "ASSIGNER": "f5sirt@f5.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "F5",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BIG-IP",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "BIG-IP 14.1.0-14.1.0.5"
+ },
+ {
+ "version_value": "14.0.0-14.0.0.4"
+ },
+ {
+ "version_value": "13.0.0-13.1.1.4"
+ },
+ {
+ "version_value": "12.1.0-12.1.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DoS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K72335002",
+ "url": "https://support.f5.com/csp/article/K72335002"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, undisclosed traffic sent to BIG-IP iSession virtual server may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS)."
 }
 ]
 }
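Review bot: In CVE-2019-6623.json the first `version_value` is `"BIG-IP 14.1.0-14.1.0.5"`, while the other three entries carry only the range. Since `product_name` is already `"BIG-IP"`, the prefix means this one entry cannot be parsed or compared by the same rule as its siblings; it should read `"version_value": "14.1.0-14.1.0.5"`. The `problemtype` value `"DoS"` is an impact label rather than a weakness class, so a CWE identifier, if the vendor advisory supports one, would let tooling group the record properly. The hunk stops three lines after the changed `value`, so the document's closing brace is outside it.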